Inform a Colleague

Data protection law requires that personal information be held and used securely. The law also requires that relevant security arrangements be put in place for all outsourcing arrangements. News headlines consistently show that organisations are not doing enough to ensure the security of people’s personal information, both within the organisation and externally. It is not always obvious what measures should be taken by organisations to comply with the legal obligations.

This session, which is fully up to date with the requirements of the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and the implications of Brexit, examines the law as it relates to data security and the practical steps that organisations need to take to ensure compliance with their obligations. It concentrates on how to avoid a data security breach, as well as what can be done to mitigate the effects of a breach that does occur. It also considers the steps that must be taken when an organisation outsources operations, such as payroll, website hosting, digitisation of records, debt collection and waste management. The session considers lessons that must be learned by the fines that have been imposed by regulators. Key aspects of this session include:

analysis of the underlying law including a detailed review of the data security obligations

the latest guidance from regulators

data security implications of using external contractors and outsourced service providers, as well as sub-contractors

examination of the regulator’s power to issue fines for security breaches and other legal and commercial consequences of such breaches

managing a data security breach - law and best practice

relevant information security standards, including ISO27001

laptop encryption - when it is required

informing individuals and notifying the regulator about data security breaches - what is required?

confinement strategies to prevent further dissemination of lost or stolen data, as well as to mitigate fines